The Cybersecurity and Infrastructure Security Agency (CISA) has issued new supplemental guidance asking federal agencies that ran affected versions of SolarWinds Orion software to conduct a forensic analysis by the end of the month.

The latest (v3) supplemental guidance, which supersedes both v1 and v2 of the supplemental guidance and Required Action 4 of ED 21-01, is provided pursuant to ED 21-01.

ED 21-01 directed agencies to immediately disconnect or power down certain SolarWinds Orion platform versions from their network. Based on developing information, on December 18, 2020, CISA provided supplemental guidance listing a subset of versions that have been identified as containing a malicious backdoor aka TEARDROP or SUNBURST (“affected versions”).

All other versions of the SolarWinds Orion platforms, regardless of whether included in the original range identified in ED 21-01, have been identified as not containing that malicious backdoor (“unaffected versions”).

The following versions of SolarWinds Orion software are considered affected versions:

• Orion Platform 2019.4 HF5, DLL version 2019.4.5200.9083
• Orion Platform 2020.2 RC1, DLL version 2020.2.100.12219
• Orion Platform 2020.2 RC2, DLL version 2020.2.5200.12394
• Orion Platform 2020.2, DLL version 2020.2.5300.12432
• Orion Platform 2020.2 HF1, DLL version 2020.2.5300.124325